quick-note-tool

Security checks across malware telemetry and agentic risk

Overview

This is a simple local note-taking skill with ordinary plaintext storage risks, not hidden or malicious behavior.

Use this only for ordinary local notes and snippets. Do not save real API keys, passwords, tokens, or confidential information because notes are plaintext workspace files. Confirm exact note IDs before deleting, and avoid the PowerShell command unless the referenced script is present and reviewed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The skill exposes a destructive delete capability even though its declared purpose is only saving and reading short snippets. This violates the principle of least surprise and can cause unintended data loss if an agent or user invokes functionality that is not disclosed by the manifest or expected from the skill description.

Missing User Warnings

Medium
Confidence: 95%
Finding
The README explicitly advertises persistent note storage and includes an example storing an API key, but provides no warning that workspace notes may contain sensitive data in plaintext. This can normalize unsafe secret handling and lead users or downstream agents to persist credentials where they may be exposed through workspace access, backups, logs, or later retrieval.

Vague Triggers

Medium
Confidence: 88%
Finding
The invocation phrases for creating notes are broad enough that normal conversation could be misinterpreted as a command, causing unintended persistence of user content. In this skill, that risk is amplified because stored notes may include secrets or sensitive snippets and are written to a workspace file, creating an accidental data retention issue.

Vague Triggers

Medium
Confidence: 95%
Finding
Deletion commands triggered by phrases like 'delete note X' or 'remove note about X' are unsafe when the matching rules and confirmation requirements are unspecified. A loose interpretation could delete the wrong note or allow accidental destructive actions from conversational text, and note deletion has integrity impact even if backups exist.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill explicitly encourages storing arbitrary snippets, including examples like API keys, in a workspace file without warning users that this location may be readable by other tools, committed to version control, or otherwise exposed. The context makes this more dangerous because note-taking naturally invites users to paste sensitive material, turning an ordinary convenience feature into a potential secrets leakage path.

Missing User Warnings

Medium
Confidence: 92%
Finding
The delete operation permanently removes note blocks immediately, with no confirmation prompt, dry-run, or safety interlock. In an agent setting, ambiguous user requests, prompt injection, or misrouting could trigger irreversible deletion of stored notes, making the absence of confirmation materially risky.

VirusTotal

64/64 vendors flagged this skill as clean.
